US-12158945

Authentication credential protection method and system

Published: December 3, 2024
Assignee: not available in USPTO data we have
Inventors: not available in USPTO data we have
Technical Abstract

This application provides an authentication credential protection method and system. The protection method includes the following steps: generating authentication secret information based on a lock screen password and hardware secret information of a first device; randomly generating, by the first device, a symmetric key, and using the symmetric key as an encryption key for the authentication secret information; splitting the encryption key into at least two first key segments by using a multi-party data splitting algorithm, where one of the at least two first key segments is stored on the first device; and sending, by the first device, another first key segment to a trusted device. In the foregoing technical solution, the authentication secret information is generated by using the lock screen password and the hardware secret information, increasing information complexity. In addition, different trusted devices are used to store the split key segments, improving security of the encryption key.
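The derive-then-split flow in the abstract, as an added illustration that is not taken from the patent. The abstract names no concrete algorithms, so PBKDF2-HMAC-SHA256 (with the hardware secret as salt), n-of-n XOR splitting, and every function name below are assumptions; encrypting the secret and the channel to the trusted device are left out.

```python
import hashlib
import secrets
from functools import reduce


def derive_auth_secret(lock_screen_password: str, hardware_secret: bytes) -> bytes:
    """Bind the lock screen password to one device's hardware secret.

    Assumption: PBKDF2-HMAC-SHA256 stands in for the unspecified derivation.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", lock_screen_password.encode("utf-8"), hardware_secret, 200_000
    )


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, n: int = 2) -> list[bytes]:
    """Split key into n segments; all n are required to rebuild it.

    Assumption: XOR (n-of-n) splitting stands in for the splitting algorithm.
    The first n-1 segments are uniformly random, so any subset of fewer than
    n segments is statistically independent of the key.
    """
    if n < 2:
        raise ValueError("need at least two segments")
    segments = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    segments.append(reduce(xor_bytes, segments, key))
    return segments


def combine_segments(segments: list[bytes]) -> bytes:
    """Recombine every segment; refuse mismatched lengths, which zip() would truncate."""
    if len(segments) < 2 or len({len(s) for s in segments}) != 1:
        raise ValueError("need two or more segments of equal length")
    return reduce(xor_bytes, segments)


if __name__ == "__main__":
    # Constructed sample values, not from the patent.
    auth_secret = derive_auth_secret("2580", bytes.fromhex("00112233445566778899aabbccddeeff"))
    encryption_key = secrets.token_bytes(32)         # randomly generated symmetric key
    local_seg, remote_seg = split_key(encryption_key)  # keep one, send one to the trusted device
    assert combine_segments([local_seg, remote_seg]) == encryption_key
    print("auth secret:", auth_secret.hex())
```

Because the split is n-of-n, losing the trusted device's segment makes the encryption key unrecoverable; a threshold scheme would be needed to tolerate a lost device.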

Patent Claims
8 claims

2. The authentication credential protection method according to claim 1, wherein the splitting algorithm comprises a secure multi-party data splitting algorithm.

5. The authentication credential protection method according to claim 1, wherein the first device is connected to the trusted device through a secure channel.

8. The authentication credential protection method according to claim 7, wherein the method further comprises: before performing the multi-party computation, performing the user identity information authentication on the trusted device, and after the user identity information is determined, performing the secure multi-party computation between the trusted device and the first device by using the at least two first key segments respectively stored on the trusted device and the first device as the key division input to the secure multi-party computation.

13. The authentication credential protection system according to claim 12, wherein the splitting algorithm comprises a secure multi-party data splitting algorithm.

15. The authentication credential protection system according to claim 12, wherein the trusted device comprises a second communications module, and the first communications module is connected to the second communications module through a secure channel.

18. The authentication credential protection system according to claim 17, wherein the first processing module is further configured to: reset the lock screen password, and generate new authentication secret information based on the reset lock screen password and the hardware secret information of the first device; and transfer the first authentication secret information and the new authentication secret information to a Trusted Execution Environment (TEE) as parameters, the TEE compares the first authentication secret information with the authentication secret information stored in the TEE, and if the two pieces of authentication secret information match, the TEE replaces the authentication secret information stored in the TEE with the new authentication secret information.

19. The authentication credential protection system according to claim 18, wherein the first processing module is further configured to randomly generate a new symmetric key and use the new symmetric key as a new encryption key for the new authentication secret information.

20. The authentication credential protection system according to claim 19, wherein the first processing module is further configured to split the new encryption key into at least two second key segments by using the splitting algorithm; the first storage module, configured to store one of the at least two second key segments; the first communications module, configured to send an other one of the at least two second key segments to the trusted device.

Patent Metadata

Filing Date: July 9, 2021

Publication Date: December 3, 2024

Cite as: Patentable. “Authentication credential protection method and system” (US-12158945). https://patentable.app/patents/US-12158945